RubyGems - locomotive_cms - Versions diffs - 2.3.1 → 2.4.0 - Mend

locomotive_cms 2.3.1 → 2.4.0

Files changed (81) hide show

data/config/locales/devise.pl.yml CHANGED

@@ -45,7 +45,7 @@ pl:
         unlock_instructions: 'Instrukcje odblokowywania'
-  locomotive_account:
+  locomotive:
     devise_mailer:
       common:
         hello: Witaj

data/config/locales/devise.pt-BR.yml CHANGED

@@ -44,7 +44,7 @@ pt-BR:
         unlock_instructions: 'Instruções de desbloqueio'
-  locomotive_account:
+  locomotive:
     devise_mailer:
       common:
         hello: Olá
@@ -59,4 +59,4 @@ pt-BR:
       unlock_instructions:
         locked_account_message: "Sua conta foi bloqueada devido a excessiva tentativa de logins sem sucesso."
         unlock_account_instruction: "Clique no link abaixo para desbloquear sua conta:"
-        unlock_my_account: "Desbloquear minha conta"
+        unlock_my_account: "Desbloquear minha conta"

data/config/locales/devise.ru.yml CHANGED

@@ -45,7 +45,7 @@ ru:
         unlock_instructions: 'Инструкции по разблокированию'
-  locomotive_account:
+  locomotive:
     devise_mailer:
       common:
         hello: Здравствуйте

data/config/locales/devise.zh-CN.yml CHANGED

@@ -45,7 +45,7 @@ zh-CN:
         unlock_instructions: '解锁说明'
-  locomotive_account:
+  locomotive:
     devise_mailer:
       common:
         hello: 你好

data/config/routes.rb CHANGED

@@ -73,10 +73,10 @@ Rails.application.routes.draw do
       resource  :my_account, controller: 'my_account', only: :show
-      resources :accounts, only: [:index, :show, :create, :destroy]
       with_options only: [:index, :show, :create, :update, :destroy] do |api|
+        api.resources :accounts
         api.resources :sites
         api.resources :pages

data/features/api/accounts.feature CHANGED

@@ -22,4 +22,22 @@ Feature: Accounts
     When I do an API GET request to accounts.json
     Then the JSON response should be an array
     And the JSON response should have 2 entries
-    And the JSON response at "1/name" should be "New User"
+    And the JSON response at "1/name" should be "New User"
+  Scenario: Updating a account
+    Given I have an "admin" API token
+    And I have accounts:
+      | name | email           | id                       |
+      | User | new-user1@a.com | 4f832c2cb0d86d3f42fffffc |
+    When I do an API PUT to accounts/4f832c2cb0d86d3f42fffffc.json with:
+    """
+    {
+      "account": {
+        "name": "Modified User"
+      }
+    }
+    """
+    When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffc.json
+    Then the JSON response should be an hash
+    And the JSON response at "name" should be "Modified User"

data/features/api/authorization/accounts.feature CHANGED

@@ -34,9 +34,9 @@ Feature: Accounts
     Given I have an "author" API token
     When I do an API GET request to accounts.json
     Then an access denied error should occur
   # showing account
   Scenario: Accessing account as an Admin
     Given I have an "admin" API token
     When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffc.json
@@ -45,19 +45,19 @@ Feature: Accounts
     Then the JSON response at "email" should be "new-user2@a.com"
     When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffe.json
     Then the JSON response at "email" should be "new-user3@a.com"
   Scenario: Accessing account as a Designer
     Given I have a "designer" API token
     When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffc.json
     Then an access denied error should occur
   Scenario: Accessing account as an Author
     Given I have an "author" API token
     When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffc.json
     Then an access denied error should occur
   # create account
   Scenario: Creating new account as an Admin
     Given I have an "admin" API token
     When I do an API POST to accounts.json with:
@@ -73,7 +73,7 @@ Feature: Accounts
     When I do an API GET request to accounts.json
     Then the JSON response should be an array
     And the JSON response should have 7 entries
   Scenario: Creating new account as a Designer
     Given I have a "designer" API token
     When I do an API POST to accounts.json with:
@@ -87,7 +87,7 @@ Feature: Accounts
     }
     """
     Then an access denied error should occur
   Scenario: Creating new account as an Author
     Given I have an "author" API token
     When I do an API POST to accounts.json with:
@@ -101,9 +101,49 @@ Feature: Accounts
     }
     """
     Then an access denied error should occur
+  # update account
+  Scenario: Creating new account as an Admin
+    Given I have an "admin" API token
+    When I do an API PUT to accounts/4f832c2cb0d86d3f42fffffc.json with:
+    """
+    {
+      "account": {
+        "name": "Modified User"
+      }
+    }
+    """
+    When I do an API GET request to accounts/4f832c2cb0d86d3f42fffffc.json
+    Then the JSON response should be an hash
+    And the JSON response at "name" should be "Modified User"
+  Scenario: Creating new account as a Designer
+    Given I have a "designer" API token
+    When I do an API PUT to accounts/4f832c2cb0d86d3f42fffffc.json with:
+    """
+    {
+      "account": {
+        "name": "Modified User"
+      }
+    }
+    """
+    Then an access denied error should occur
+  Scenario: Creating new account as an Author
+    Given I have an "author" API token
+    When I do an API PUT to accounts/4f832c2cb0d86d3f42fffffc.json with:
+    """
+    {
+      "account": {
+        "name": "Modified User"
+      }
+    }
+    """
+    Then an access denied error should occur
   # destroy account
   Scenario: Destroying account as an Admin
     Given I have an "admin" API token
     When I do an API GET request to accounts.json
@@ -113,12 +153,12 @@ Feature: Accounts
     When I do an API GET request to accounts.json
     Then the JSON response should be an array
     And the JSON response should have 5 entries
   Scenario: Destroying account as a Designer
     Given I have a "designer" API token
     When I do an API DELETE to accounts/4f832c2cb0d86d3f42fffffe.json
     Then an access denied error should occur
   Scenario: Deleting account as an Author
     Given I have a "author" API token
     When I do an API DELETE to accounts/4f832c2cb0d86d3f42fffffe.json

data/features/backoffice/content_types/has_many.feature CHANGED

@@ -37,7 +37,7 @@ Scenario: I view a client without any projects
 Scenario: I add a project to a client
   When I go to the list of "Projects"
   And I choose "Fun project" in the list
-  And I select "Alpha, Inc" from "Client"
+  And I select2 "Alpha, Inc" from "content_entry_client_id"
   And I press "Save"
   Then I should see "Entry was successfully updated."
   When I go to the list of "Clients"
@@ -73,8 +73,8 @@ Scenario: with_scope with label value
   Then the rendered output should look like:
     """
     <hr>
     - Fun project<br>
     <hr>
     """

data/features/backoffice/content_types/integer.feature CHANGED

@@ -8,8 +8,8 @@ Background:
   And I have a custom model named "ToDos" with
     | label         | type      | required    |
     | Task          | string    | true        |
-    | priority      | integer   | true        |
+    | Priority      | integer   | true        |
   And I am an authenticated user
 @javascript
@@ -17,10 +17,10 @@ Scenario:
   And I go to the list of "ToDos"
   And I follow "new entry" within the main content
   And I fill in "Task" with "Buy milk"
-  And I fill in "priority" with "one"
+  And I fill in "Priority" with "one"
   And I press "Create"
   Then I should see "Entry was not created."
-  When I fill in "priority" with "1"
+  When I fill in "Priority" with "1"
   And I press "Create"
   Then I should see "Entry was successfully created."

data/features/backoffice/content_types/many_to_many.feature CHANGED

@@ -31,7 +31,7 @@ Scenario: I attach projects to an article
   When I go to the list of "Articles"
   And I choose "Hello world" in the list
   Then I should see "The list is empty. Add an entry from the select box below."
-  When I select "My sexy project" from "entry"
+  When I select2 "My sexy project" from "entry"
   And I follow "+ add"
   Then I should see "My sexy project" within the list of entries
   And "p.empty" should not be visible within the list of entries

data/features/backoffice/my_account.feature CHANGED

@@ -17,5 +17,6 @@ Scenario: Viewing my API key
 Scenario: Changing  my API key
   When I go to the account settings
   And I click on the "Credentials" folder
+  And I should see "d49cd50f6f0d2b163f48fc73cb249f0244c37074"
   And I press "Regenerate"
   Then I should not see "d49cd50f6f0d2b163f48fc73cb249f0244c37074"

data/features/step_definitions/web_steps.rb CHANGED

@@ -215,4 +215,11 @@ end
 Then(/^I click on "(.*?)"$/) do |selector|
   find(selector).click
+end
+When(/^I select2 "(.*?)" from "(.*?)"$/) do |text, from|
+  page.find("#s2id_#{from} a").click
+  find(:xpath, "//body").find("input.select2-input").set(text)
+  page.execute_script(%|$("input.select2-input:visible").keyup();|)
+  find(:xpath, '//body').find('ul.select2-results li', text: text).click
 end

data/lib/locomotive/action_controller/public_responder.rb CHANGED

@@ -14,7 +14,7 @@ module Locomotive
             redirect_to navigation_location
           else
             # render the locomotive page
-            self.controller.send :render_locomotive_page, navigation_location, {
+            self.controller.send :render_locomotive_page, navigation_location_for_locomotive, {
               entry.content_type.slug.singularize => entry.to_presenter(include_errors: true).as_json
             }
           end
@@ -28,6 +28,29 @@ module Locomotive
         end
       end
+      def navigation_location_for_locomotive
+        locale, location = self.extract_locale_and_location
+        if locale
+          ::I18n.locale = ::Mongoid::Fields::I18n.locale = locale
+          location
+        else
+          navigation_location
+        end
+      end
+      protected
+      def extract_locale_and_location
+        locales = self.controller.send(:current_site).locales.join('|')
+        if navigation_location =~ /\/(#{locales})+\/(.+)/
+          [$1, $2]
+        else
+          nil
+        end
+      end
     end
   end
 end

data/lib/locomotive/core_ext.rb CHANGED

@@ -5,8 +5,14 @@
 class String #:nodoc
   def permalink(underscore = false)
-    permalink = self.to_url
-    underscore ? permalink.underscore : permalink
+    # if the slug includes one "_" at least, we consider that the "_" is used instead of "-".
+    _permalink = if !self.index('_').nil?
+      self.to_url(replace_whitespace_with: '_')
+    else
+      self.to_url
+    end
+    underscore ? _permalink.underscore : _permalink
   end
   def permalink!(underscore = false)

data/lib/locomotive/devise.rb CHANGED

@@ -1 +1,22 @@
 # patches for devise here
+# http://blog.plataformatec.com.br/2013/11/e-mail-enumeration-in-devise-in-paranoid-mode/
+# Put this inside config/initializers/devise_paranoid_fix.rb
+require 'devise/strategies/database_authenticatable'
+Devise::Strategies::DatabaseAuthenticatable.class_eval do
+  def authenticate!
+    resource  = valid_password? && mapping.to.find_for_database_authentication(authentication_hash)
+    encrypted = false
+    return fail(:invalid) unless resource
+    if validate(resource){ encrypted = true; resource.valid_password?(password) }
+      resource.after_database_authentication
+      success!(resource)
+    end
+    mapping.to.new.password = password if !encrypted && Devise.paranoid
+    fail(:not_found_in_database) unless resource
+  end
+end

data/lib/locomotive/httparty/webservice.rb CHANGED

@@ -7,21 +7,30 @@ module Locomotive
       include ::HTTParty
       def self.consume(url, options = {})
-        url = HTTParty.normalize_base_uri(url)
-        uri = URI.parse(url)
-        options[:base_uri] = "#{uri.scheme}://#{uri.host}"
-        options[:base_uri] += ":#{uri.port}" if uri.port != 80
-        path = uri.request_uri
+        options[:base_uri], path = self.extract_base_uri_and_path(url)
         options.delete(:format) if options[:format] == 'default'
+        # auth ?
         username, password = options.delete(:username), options.delete(:password)
         options[:basic_auth] = { username: username, password: password } if username
-        path ||= '/'
+        self.perform_request(path, options)
+      end
+      def self.extract_base_uri_and_path(url)
+        url = HTTParty.normalize_base_uri(url)
-        # puts "[WebService] consuming #{path}, #{options.inspect}"
+        uri       = URI.parse(url)
+        path      = uri.request_uri || '/'
+        base_uri  = "#{uri.scheme}://#{uri.host}"
+        base_uri  += ":#{uri.port}" if uri.port != 80
+        [base_uri, path]
+      end
+      def self.perform_request(path, options)
+        # [DEBUG] puts "[WebService] consuming #{path}, #{options.inspect}"
         response        = self.get(path, options)
         parsed_response = response.parsed_response
@@ -35,7 +44,6 @@ module Locomotive
         else
           nil
         end
       end
     end

data/lib/locomotive/liquid.rb CHANGED

@@ -2,6 +2,7 @@ require 'locomotive/liquid/drops/base'
 require 'locomotive/liquid/drops/proxy_collection'
 require 'locomotive/liquid/filters/base'
 require 'locomotive/liquid/tags/hybrid'
+require 'locomotive/liquid/tags/path_helper'
 %w{. tags drops filters}.each do |dir|
   Dir[File.join(File.dirname(__FILE__), 'liquid', dir, '*.rb')].each { |lib| require lib }

data/lib/locomotive/liquid/tags/consume.rb CHANGED

@@ -25,28 +25,25 @@ module Locomotive
             raise ::Liquid::SyntaxError.new("Syntax Error in 'consume' - Valid syntax: consume <var> from \"<url>\" [username: value, password: value]")
           end
-          @cache_key = Digest::SHA1.hexdigest(@target)
           @local_cache_key = self.hash
           super
         end
         def render(context)
-          if @is_var
-            @url = context[@url]
+          if instance_variable_defined? :@variable_name
+            @url = context[@variable_name]
           end
           render_all_and_cache_it(context)
         end
         protected
-        def prepare_url(url)
-          @url    = url
-          @is_var = false
-          if @url.match(::Liquid::QuotedString)
-            @url.gsub!(/['"]/, '')
-          elsif @url.match(::Liquid::VariableSignature)
-            @is_var = true
+        def prepare_url(token)
+          if token.match(::Liquid::QuotedString)
+            @url = token.gsub(/['"]/, '')
+          elsif token.match(::Liquid::VariableSignature)
+            @variable_name = token
           else
             raise ::Liquid::SyntaxError.new("Syntax Error in 'consume' - Valid syntax: consume <var> from \"<url>\" [username: value, password: value]")
           end
@@ -61,6 +58,10 @@ module Locomotive
           @expires_in = (@options.delete('expires_in') || 0).to_i
         end
+        def page_fragment_cache_key(url)
+          Digest::SHA1.hexdigest(@target.to_s + url)
+        end
         def cached_response
           @@local_cache ||= {}
           @@local_cache[@local_cache_key]
@@ -72,7 +73,7 @@ module Locomotive
         end
         def render_all_and_cache_it(context)
-          Rails.cache.fetch(@cache_key, expires_in: @expires_in, force: @expires_in == 0) do
+          Rails.cache.fetch(page_fragment_cache_key(@url), expires_in: @expires_in, force: @expires_in == 0) do
             self.render_all_without_cache(context)
           end
         end